wid-sec-w-2026-0947 · Published 2026-03-31 · View on BSI CERT-Bund ↗

CUPS: Multiple Vulnerabilities

CVSS 6.5 MEDIUM

Risk Summary

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.

CVEs (4)

CVE-2026-27447 CVE-2026-34978 CVE-2026-34979 CVE-2026-34980

Affected Vendors

Open Source

Affected Products (2)

Open Source · CUPS <2.4.17

Open Source · CUPS 2.4.17

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more